maria-discuss team mailing list archive
Mailing list archive
Re: How do I determine if versions of phpMyAdmin before 4.8.5 is SQL Injectable using sqlmap?
Reindl's (funny) comments aside. Why still use phpMyAdmin in this day and
age. Nearly every maria/percona/mysql client supports ssh tunneling.
SequelPro on Mac, Heidi (or others) on Windows, and any windows client
running through wine if your desktop/laptop is linux. Also developers can
just use intellij or similar IDE's that have a database pane.
Trusting administration to an exposed phpMyAdmin in this day and age
frightens me greatly. Also if you had an HIDS server running to track bad
phpMyAdmin logins i bet there would be a ton of alerts. I've blocked all
such attempts in my IPS even though i don't have phpMyAdmin.
I realize this does not answer your question, but if this fits into your
architecture i'd say good by to that web interface.
On Wed, Apr 17, 2019 at 10:54 AM Reindl Harald <h.reindl@xxxxxxxxxxxxx>
> Am 17.04.19 um 16:50 schrieb Turritopsis Dohrnii Teo En Ming:
> > Subject/Topic: How do I determine if versions of phpMyAdmin before 4.8.5
> is SQL Injectable using sqlmap?
> frankly are you drunken?
> you posted this exactly same message to
> * phpmyadmin list TWICE
> * oracle mysql list
> * now mariadb list
> i seriously looked if my mailserver has a problem - stop it damned!
> Mailing list: https://launchpad.net/~maria-discuss
> Post to : maria-discuss@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~maria-discuss
> More help : https://help.launchpad.net/ListHelp